Hi Team - We noticed that prefecthq/prefect:2.10.20-python3.10 and prefecthq/prefect:2.17.1-python3.10 contain a critical vulnerability in zlib.
https://security-tracker.debian.org/tracker/CVE-2023-45853
Can we upgrade zlib to this version? 1:1.3.dfsg-3
Chris Gunderson
04/16/2024, 8:13 PM
We are using the Prefect images as our base image.
Nate
04/16/2024, 8:47 PM
hi @Chris Gunderson - thanks for the report! looking into this
👍 1
Nate
04/16/2024, 9:26 PM
hi @Chris Gunderson - I do see that the version listed as vulnerable is installed on prefect images
however it seems like this version is coming from the python:{MINOR}-slim base images that our images are built FROM.
Can we upgrade zlib to this version? 1:1.3.dfsg-3
Have you encountered any issues while trying to do this?
Chris Gunderson
04/16/2024, 9:26 PM
I haven't tried yet
Chris Gunderson
04/17/2024, 7:47 PM
Hi @Nate - I wasn't able to upgrade to the latest version which is on linux release trixie or sid. I think this is due to being on the bookworm release.